A vulnerability was found in xdg-open and xdg-email commands, which
allows remote attackers to execute arbitrary commands if the user is
tricked into trying to open a maliciously crafted URL.
The updated packages have been patched to prevent the issue.